Файл: test.masteram.us/games/fermer/inc/shop_udobr_info.php
Строк: 51
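<?php
/*
 * Fertilizer shop item page: shows one row of `fermer_udobr_name` and handles
 * the "buy" form that posts back to this same URL.
 *
 * Relies on names that are set up outside this file and are not visible here:
 * $user (current player row; `id` and `fermer_money` are read), $passgen
 * (appended to the form action) and an open legacy mysql_* connection.
 * The legacy mysql_* API has no prepared statements, so every request-derived
 * value is forced to an integer before it is placed into SQL or HTML.
 */

// The id comes from the query string; a missing parameter becomes 0.
$int = isset($_GET['id']) ? intval($_GET['id']) : 0;

$udobrResult = mysql_query("select * from `fermer_udobr_name` WHERE `id` = '$int' LIMIT 1");
$post = $udobrResult ? mysql_fetch_array($udobrResult) : false;
if (!$post) {
    // Unknown id or failed query: without this guard a purchase row could be
    // written for an item that does not exist, at a price of 0.
    echo "<div class='err'>Удобрение не найдено!</div>";
    return;
}

// Quantity must be a plain positive integer. Loose numeric strings such as
// "0.5" or "1e3" used to pass the `> 0` check and were multiplied into the
// price, so the amount charged and the amount stored could disagree.
$kupitSubmitted = isset($_POST['kupit']);
$kupitRaw = ($kupitSubmitted && is_string($_POST['kupit'])) ? trim($_POST['kupit']) : '';
$kupitQty = ctype_digit($kupitRaw) ? (int) $kupitRaw : 0;
$kup = $post['cena'] * $kupitQty;

// The purchase is handled before any markup is echoed so that the Location
// header can still be sent, and the script stops after a redirect.
$kupitError = '';
if ($kupitSubmitted) {
    if ($kupitQty < 1) {
        $kupitError = "<div class='err'>Поле не заполнено!</div>";
    } else {
        $buyerId = (int) $user['id'];
        $kupitPaid = true;
        if ($kup > 0) {
            // Check-and-deduct in one statement: two parallel requests can no
            // longer both pass a balance check made on a stale $user row.
            mysql_query("UPDATE `user` SET `fermer_money` = `fermer_money`- $kup WHERE `id` = $buyerId AND `fermer_money` >= $kup LIMIT 1");
            $kupitPaid = mysql_affected_rows() === 1;
        }
        if ($kupitPaid) {
            mysql_query("INSERT INTO `fermer_udobr` (`kol` , `udobr`, `id_user`) VALUES ($kupitQty, $int, $buyerId) ");
            if (!headers_sent()) {
                header('Location: shop_udobr.php?buy_ok');
                exit;
            }
        } elseif (!headers_sent()) {
            header('Location: shop.php?buy_no');
            exit;
        }
    }
}

// Split the stored duration (seconds) into days / hours / minutes for display.
$timediff = $post['time'];
$oneMinute = 60;
$oneHour = 60 * 60;
$oneDay = 60 * 60 * 24;
$dayfield = floor($timediff / $oneDay);
$hourfield = floor(($timediff - $dayfield * $oneDay) / $oneHour);
$minutefield = floor(($timediff - $dayfield * $oneDay - $hourfield * $oneHour) / $oneMinute);
// Not displayed; kept because script-level variables stay visible to an including file.
$secondfield = floor(($timediff - $dayfield * $oneDay - $hourfield * $oneHour - $minutefield * $oneMinute));
// $day was previously left undefined when the duration was under one day.
$day = $dayfield > 0 ? $dayfield . 'д. ' : '';
$minutefield = $minutefield > 0 ? $minutefield . "м." : '';
$time_1 = $day . $hourfield . "ч. " . $minutefield;

// NOTE(review): `name` and `cena` are emitted as stored. If those columns can
// ever hold text that players supply, escape them with htmlspecialchars()
// using the charset the site actually serves (not visible from this file).
echo "<img src='img/ud" . (int) $post['id'] . ".jpeg' alt=''>» <b>" . $post['name'] . "</b>";
echo "<br />» Цена: <b> " . $post['cena'] . "</b>";
echo "<br />» Сокращает на <b> " . $time_1 . "</b> рост растения";
// NOTE(review): $passgen is defined elsewhere; no per-request anti-CSRF token
// is visible in this form. Confirm whether $passgen carries one.
// The trailing "n" in these strings was a "\n" that had lost its backslash.
echo "<form method='post' action='?id=" . $int . "&$passgen'>\n";
echo "<br />Количество:<br />\n";
echo "<input type='text' name='kupit' size='4'/><input type='submit' name='save' value='Купить' />";
echo "</form>\n";
echo $kupitError;
?>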